Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,904
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 14,561 - 14,580 of 38,923 CVEs
CVE-2026-44788 MEDIUM - 5.9

SharpCompress is a fully managed C# library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory() allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be escal...

Vendor: nuget
Product: SharpCompress
Published: May 08, 2026
Source: GitHub
CVE-2026-44900 HIGH - 8.1

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted(), the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify(). The method performs certificate chain valid...

Vendor: maven
Product: com.oviva.telematik:epa4all-client
Published: May 08, 2026
Source: GitHub
CVE-2026-44896 MEDIUM - 6.1

Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and realier, in src/mistune/directives/image.py, the render_figure() function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when HTMLRend...

Vendor: pip
Product: mistune
Published: May 08, 2026
Source: GitHub
CVE-2026-44708 MEDIUM - 6.1

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math ($...$) and block math ($$...$$) by concatenating the raw user-supplied content directly into the HTML output without any HTML escaping. This occurs even when the parser is exp...

Vendor: pip
Product: mistune
Published: May 08, 2026
Source: GitHub
CVE-2026-44837 MEDIUM - 5.9

view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path. T...

Vendor: rubygems
Product: view_component
Published: May 08, 2026
Source: GitHub
CVE-2026-44836 MEDIUM - 6.5

view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with public_send. The code does not verify that the requested method is one of the preview exampl...

Vendor: rubygems
Product: view_component
Published: May 08, 2026
Source: GitHub
CVE-2026-44833 MEDIUM - 5.9

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1.

Vendor: composer
Product: snipe/snipe-it
Published: May 08, 2026
Source: GitHub
CVE-2026-45130 MEDIUM - 6.6

Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows...

Vendor: vim
Product: vim
Published: May 08, 2026
Source: NVD

SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enable...

Vendor: Syslifters
Product: sysreptor
Published: May 08, 2026
Source: NVD
CVE-2026-44656 MEDIUM - 5.3

Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the p...

Vendor: vim
Product: vim
Published: May 08, 2026
Source: NVD

FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows attackers (or authenticated users with App editing privileges) to send arbitrary HTTP requests to internal/private network addresses. The fetchData function ...

Vendor: labring
Product: FastGPT
Published: May 08, 2026
Source: NVD
CVE-2026-44284 MEDIUM - 6.3

FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected internal/private network URLs, but the MCP tool create/update endpoints could still save an internal MCP...

Vendor: labring
Product: FastGPT
Published: May 08, 2026
Source: NVD
CVE-2026-42556 HIGH - 8.9

Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering their own save request and send the public preview link /p/<postId>?share=true to another user. The pre...

Vendor: gitroomhq
Product: postiz-app
Published: May 08, 2026
Source: NVD
CVE-2026-42456 MEDIUM - 4.3

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace be...

Vendor: Mintplex-Labs
Product: anything-llm
Published: May 08, 2026
Source: NVD
CVE-2026-42454 CRITICAL - 9.9

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and WebSocket message field directly into shell commands executed v...

Vendor: Termix-SSH
Product: Termix
Published: May 08, 2026
Source: NVD

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts use double-quoted strings for shell command construction, unlike all other file manager operations w...

Vendor: Termix-SSH
Product: Termix
Published: May 08, 2026
Source: NVD
CVE-2026-42452 HIGH - 8.1

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow...

Vendor: Termix-SSH
Product: Termix
Published: May 08, 2026
Source: NVD
CVE-2026-42451 MEDIUM - 6.3

Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting (XSS) vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary JavaScript in a crafted EPUB file. When a victim opens the book, the script executes in their browse...

Vendor: grimmory-tools
Product: grimmory
Published: May 08, 2026
Source: NVD

Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2.

Vendor: akuity
Product: kargo
Published: May 08, 2026
Source: NVD
CVE-2026-42346 MEDIUM - 6.5

Postiz is an AI social media scheduling tool. From version 2.16.6 to before version 2.21.7, all SSRF protections added in v2.21.4โ€“v2.21.6 share a fundamental TOCTOU (Time-of-Check-Time-of-Use) vulnerability: isSafePublicHttpsUrl() resolves DNS to validate the target IP, but subsequent fetch() calls ...

Vendor: gitroomhq
Product: postiz-app
Published: May 08, 2026
Source: NVD